Microsoft will just refuse to let me log with a third-party TOTP after setting it up. Security key is also "not supported" on Firefox even though it works for every other site.
The most info they will get is my Minecraft account and that's already too much...
I set it up with Bitwarden after a reset, but it showed a popup telling me to switch to MS Auth every time until one day there was no way to refuse the switch anymore.
^ Your M365 admin needs to know where to manage the specific authentication methods and be sure to disable MS auth rollouts.
By default right now, authentication rollouts are enabled on all tenants with P1 licensing or above, and it only supports the MS Authenticator app.
Once that rollout is disabled, the authentication methods your admin has made available to you will actually work properly.